authormpcomplete@chromium.org <mpcomplete@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-03 21:50:42 +0000
committermpcomplete@chromium.org <mpcomplete@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-03 21:50:42 +0000
commitbe18e1585c52880ceb0a15a3260a579a2b06cbeb (patch)
tree719296a45edd1140171dd31b200d9e336215fabc
parent51a0bb591440055191f7dd5ca1077238369b57bd (diff)
Force web_origin to be present only on extension gallery installs. For
non-gallery installs, use the download URL as origin. BUG=40848 Review URL: http://codereview.chromium.org/2517001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48878 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/download/download_manager.cc4
-rw-r--r--chrome/browser/extensions/crx_installer.cc2
-rw-r--r--chrome/browser/extensions/crx_installer.h4
-rw-r--r--chrome/browser/extensions/sandboxed_extension_unpacker.cc29
-rw-r--r--chrome/browser/extensions/sandboxed_extension_unpacker.h17
5 files changed, 39 insertions, 17 deletions
diff --git a/chrome/browser/download/download_manager.cc b/chrome/browser/download/download_manager.cc
index dbc3a11..71b6ea6 100644
--- a/chrome/browser/download/download_manager.cc
+++ b/chrome/browser/download/download_manager.cc
@@ -1467,9 +1467,11 @@ void DownloadManager::OpenChromeExtension(const FilePath& full_path,
if (UserScript::HasUserScriptFileExtension(download_url)) {
installer->InstallUserScript(full_path, download_url);
} else {
+ bool is_gallery_download =
+ ExtensionsService::IsDownloadFromGallery(download_url, referrer_url);
installer->set_allow_privilege_increase(true);
installer->set_original_url(download_url);
- installer->set_force_web_origin_to_download_url(true);
+ installer->set_force_web_origin_to_download_url(!is_gallery_download);
installer->InstallCrx(full_path);
}
} else {
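Review bot: The new `is_gallery_download` value is now the only thing that decides whether the manifest's own `web_origin` is trusted, and it is computed partly from `referrer_url`. `ExtensionsService::IsDownloadFromGallery` is not visible here, so it is worth confirming that it never classifies a download as a gallery one on the strength of the referrer alone, since a referrer is not an authenticated property of the download. A comment above the assignment would record the intent, e.g. `// Only gallery downloads may declare their own web_origin; all others are pinned to the download origin.` OpenChromeExtension's body starts and ends outside the hunk.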
diff --git a/chrome/browser/extensions/crx_installer.cc b/chrome/browser/extensions/crx_installer.cc
index 26fab92..34a51d2 100644
--- a/chrome/browser/extensions/crx_installer.cc
+++ b/chrome/browser/extensions/crx_installer.cc
@@ -83,7 +83,7 @@ void CrxInstaller::InstallCrx(const FilePath& source_file) {
g_browser_process->resource_dispatcher_host(),
this));
- if (force_web_origin_to_download_url_ && original_url_.is_valid()) {
+ if (force_web_origin_to_download_url_) {
unpacker->set_web_origin(original_url_.GetOrigin());
}
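Review bot: With `original_url_.is_valid()` dropped from the condition, an installer that sets the flag but never calls `set_original_url` hands the unpacker an empty origin, and nothing in this function says that is intended. Judging by the unpacker change in this commit, that case is rejected later in `RewriteManifestFile`, but only for manifests that enable web content. A comment on the `if` would make the fail-closed intent explicit: `// Origin validity is checked by the unpacker, which fails the install instead of falling back to the manifest.` InstallCrx's body extends beyond the hunk.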
diff --git a/chrome/browser/extensions/crx_installer.h b/chrome/browser/extensions/crx_installer.h
index 9778f29..d64f668 100644
--- a/chrome/browser/extensions/crx_installer.h
+++ b/chrome/browser/extensions/crx_installer.h
@@ -152,7 +152,9 @@ class CrxInstaller
bool allow_privilege_increase_;
// If true and the installed extension uses web content, the web origin will
- // be forced to the origin of |original_url_|. Defaults to false.
+ // be forced to the origin of |original_url_|. Defaults to false. This is used
+ // for non-gallery installs, where we don't trust the origin given in the
+ // manifest.
bool force_web_origin_to_download_url_;
// Whether to create an app shortcut after successful installation. This is
diff --git a/chrome/browser/extensions/sandboxed_extension_unpacker.cc b/chrome/browser/extensions/sandboxed_extension_unpacker.cc
index 9df675c..69d37d8 100644
--- a/chrome/browser/extensions/sandboxed_extension_unpacker.cc
+++ b/chrome/browser/extensions/sandboxed_extension_unpacker.cc
@@ -34,7 +34,8 @@ SandboxedExtensionUnpacker::SandboxedExtensionUnpacker(
SandboxedExtensionUnpackerClient* client)
: crx_path_(crx_path), temp_path_(temp_path),
thread_identifier_(ChromeThread::ID_COUNT),
- rdh_(rdh), client_(client), got_response_(false) {
+ rdh_(rdh), client_(client), got_response_(false),
+ force_web_origin_override_(false) {
}
void SandboxedExtensionUnpacker::Start() {
@@ -259,17 +260,29 @@ DictionaryValue* SandboxedExtensionUnpacker::RewriteManifestFile(
static_cast<DictionaryValue*>(manifest.DeepCopy()));
final_manifest->SetString(extension_manifest_keys::kPublicKey, public_key_);
- // Override the origin if appropriate.
bool web_content_enabled = false;
if (final_manifest->GetBoolean(extension_manifest_keys::kWebContentEnabled,
&web_content_enabled) &&
- web_content_enabled &&
- web_origin_.is_valid()) {
- // TODO(erikkay): Finalize origin policy. This is intentionally loose
- // until we can test from the gallery. http://crbug.com/40848.
- if (!final_manifest->Get(extension_manifest_keys::kWebOrigin, NULL)) {
+ web_content_enabled) {
+ bool has_web_origin =
+ final_manifest->Get(extension_manifest_keys::kWebOrigin, NULL);
+ if (force_web_origin_override_) {
+ if (has_web_origin) {
+ ReportFailure("Error: untrusted extension should have no web_origin.");
+ return NULL;
+ }
+ if (!web_origin_override_.is_valid() ||
+ web_origin_override_.SchemeIsFile()) {
+ ReportFailure(
+ "Error: untrusted extension has an invalid download origin.");
+ return NULL;
+ }
+
final_manifest->SetString(extension_manifest_keys::kWebOrigin,
- web_origin_.spec());
+ web_origin_override_.spec());
+ } else if (!has_web_origin) {
+ ReportFailure("Error: trusted extension should have a web_origin.");
+ return NULL;
}
}
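Review bot: The rejection of a manifest-supplied `web_origin` for untrusted installs sits inside the `web_content_enabled` branch, so a forced-override install whose manifest carries `web_origin` but leaves web content disabled or absent keeps that key in `final_manifest` unchanged. Whether later consumers read the key in that state is not visible here. Computing `has_web_origin` first and testing `if (force_web_origin_override_ && has_web_origin)` before the `web_content_enabled` check would close the question. The origin validation also excludes only `file:`; an allow-list such as `web_origin_override_.SchemeIs("http") || web_origin_override_.SchemeIs("https")` would be stricter than a single deny. RewriteManifestFile begins and ends outside the hunk.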
diff --git a/chrome/browser/extensions/sandboxed_extension_unpacker.h b/chrome/browser/extensions/sandboxed_extension_unpacker.h
index 42a334061..4c89082 100644
--- a/chrome/browser/extensions/sandboxed_extension_unpacker.h
+++ b/chrome/browser/extensions/sandboxed_extension_unpacker.h
@@ -97,9 +97,10 @@ class SandboxedExtensionUnpacker : public UtilityProcessHost::Client {
ResourceDispatcherHost* rdh,
SandboxedExtensionUnpackerClient* cilent);
- const GURL& web_origin() const { return web_origin_; }
+ const GURL& web_origin() const { return web_origin_override_; }
void set_web_origin(const GURL& val) {
- web_origin_ = val;
+ web_origin_override_ = val;
+ force_web_origin_override_ = true;
}
// Start unpacking the extension. The client is called with the results.
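Review bot: `set_web_origin` now does more than store a value: it also switches the unpacker into forced-override mode, and does so even when `val` is an empty GURL. Nothing at the declaration says this, so a caller reading the header would not expect the setter to make manifests that declare their own `web_origin` fail. A comment such as `// Forces the origin to |val| and makes the unpacker reject manifests that declare their own web_origin.` would cover it. Renaming the accessor pair to match `web_origin_override_` would be clearer still.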
@@ -173,10 +174,14 @@ class SandboxedExtensionUnpacker : public UtilityProcessHost::Client {
// The public key that was extracted from the CRX header.
std::string public_key_;
- // If the unpacked extension uses web content, its origin will be set to this
- // value. This is used when an app is self-hosted. The only valid origin is
- // the origin it is served from.
- GURL web_origin_;
+ // If the app uses web content, its origin will be set to this value. This is
+ // used when an app is self-hosted. The only valid origin is the origin it is
+ // served from.
+ GURL web_origin_override_;
+
+ // If true, we require the web_origin field to be empty in the manifest.
+ // Instead, we use the one given in web_origin_override_. Defaults to false.
+ bool force_web_origin_override_;
};
#endif // CHROME_BROWSER_EXTENSIONS_SANDBOXED_EXTENSION_UNPACKER_H_
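Review bot: The comment on `force_web_origin_override_` describes only the true case and reads as unconditional. In the .cc change in this commit the check runs only when the manifest enables web content, and when the flag is false such a manifest must supply `web_origin` itself. Suggested wording: `// If true, a web-content manifest must not declare web_origin; web_origin_override_ is used instead. If false, it must declare one. Defaults to false.`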